| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-35037 | Ech0 affected by unauthenticated SSRF in GetWebsiteTitle allows access to internal services and cloud metadata | lin-snow | Ech0 | High | 7.2 | 2026-04-06 16:56:55 | Deep Dive |
| CVE-2026-35036 | Ech0 Affected by Unauthenticated Server-Side Request Forgery in Website Preview Feature | lin-snow | Ech0 | High | 7.5 | 2026-04-06 16:55:48 | Deep Dive |
| CVE-2026-33638 | Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint | lin-snow | Ech0 | Medium | 5.3 | 2026-03-26 20:52:40 | Deep Dive |